Internet Explorer 11 gone - but "is already installed on this system"

Page 2 of 9 FirstFirst 1234 ... LastLast

  1. bengta
    Posts : 39
    Windows 7 Ultimate 64 bit SP1
    Thread Starter
       New #11

    Hi,
    I actually checked that it was the files I copied and not the directory. :)

    Here are the results from the commands.

    Code:
    Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Bengt>DIR C:\btaaa
 Volume in drive C has no label.
 Volume Serial Number is F222-8506

 Directory of C:\btaaa

2015-01-31  21:09    <DIR>          .
2015-01-31  21:09    <DIR>          ..
2015-01-31  06:43    <DIR>          amd64_microsoft-windows-d..evelapisets-windo
ws_31bf3856ad364e35_7.1.7601.16492_none_e249fd3fed68cb81
2015-01-31  06:44    <DIR>          amd64_microsoft-windows-downlevelapisets-bas
e_31bf3856ad364e35_7.1.7601.16492_none_1ed670cbaddb31b7
2015-01-31  06:44    <DIR>          amd64_microsoft-windows-downlevelapisets-com
_31bf3856ad364e35_7.1.7601.16492_none_5b1161f912e23f6d
2015-01-31  06:45    <DIR>          amd64_microsoft-windows-downlevelapisets-she
ll_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca
               0 File(s)              0 bytes
               6 Dir(s)  20 228 468 736 bytes free

C:\Users\Bengt>DIR C:\Windos\winsxs\btaaa
The system cannot find the path specified.

C:\Users\Bengt>
      My Computer
    Quote Quote

  3. NoelDP
    Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       New #12

    OK - let's see what else could have gone wrong.~
    Are you sure that you copied the contained folders to the proper Drive letter? did you get any error messages?
      My Computer
    Quote Quote

  4. bengta
    Posts : 39
    Windows 7 Ultimate 64 bit SP1
    Thread Starter
       New #13

    Hi,
    Yes, I'm sure it all went well. Xcopy said 9 files copied successfully. I redid it just now just to make sure.
    I created one CBS after funning sfc before rebooting, and one after rebooting. the attachment without the date is the latest. The one with the date was the one created before the reboot. (I thought maybe both could be useful?)

    Good luck!
      My Computer
    Quote Quote

  6. NoelDP
    Posts : 21,482
    Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
       New #14

    The errors are still present
    I'll try and create an alternative later today.
      My Computer
    Quote Quote

  7. bengta
    Posts : 39
    Windows 7 Ultimate 64 bit SP1
    Thread Starter
       New #15

    NoelDP said:
    The errors are still present
    I'll try and create an alternative later today.
    Good luck! :) I'm looking forward to it. My computer is acting quite weird I think...
      My Computer
    Quote Quote

  8. Slartybart
    Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       New #16

    Run a few quick utilities, one to clean up temporary files across your system and the second one to check for malware.

    Restart your machine in case there are any system operations pending

    Click here to download Old Timer-TFC.
    >> save the application to your Desktop.
    Old Timer-TFC is a standalone application, there is no install.

    Save your work and close all open windows.
    TFC will close ALL open programs including your browser!

    Right click, run as administrator TFC

    Click the Start button to begin the cleaning up temporary files and folders.
    Do not work on other things while TFC is running - most applications use some sort of temporary files. Just let TFC run by itself on the machine until it completes.

    If TFC prompts you to reboot, do so immediately.
    If TFC does NOT prompt you, then reboot your machine immediately after TFC has completed.

    Follow the Download, Scan, and Clean steps in this tutorial on the author's site: How to use AdwCleaner version 3.x

    Malware is often difficult to erradicate - it is even more difficult if more than one path is taken on different sites.

    As you have posted the issue here on SevenForums, also post any logs here on SevenForums - not on the General Changelog Team (GCT) site. SevenForums members might ask you to launch other on-demand scanners that are not familiar to GCT.

    When your system is clean of malware, launch AdwCleaner a final time and click the Uninstall button.
      My Computer
    Quote Quote

  10. bengta
    Posts : 39
    Windows 7 Ultimate 64 bit SP1
    Thread Starter
       New #17

    Thanks for the good instructions. I have followed them. Here's the log after the cleaning was done. I hope it helps? It didn't look like it found anything very malicious... What to do now?


    Code:
    # AdwCleaner v4.110 - Logfile created 06/02/2015 at 00:00:33
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Bengt - ULTRA
# Running from : C:\Users\Bengt\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : hshld

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Bengt\AppData\Local\Hola
Folder Deleted : C:\Users\Bengt\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Bengt\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Bengt\AppData\Roaming\Uniblue
Folder Deleted : C:\Users\Bengt\AppData\Roaming\Mozilla\Firefox\Profiles\atrz4mzx.default\Extensions\isreaditlater@ideashower.com
Folder Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm
Folder Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
Folder Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
File Deleted : C:\Users\Bengt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk
File Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static-trackers.adtarget.me_0.localstorage
File Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static-trackers.adtarget.me_0.localstorage-journal
File Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.ak.facebook.com_0.localstorage
File Deleted : C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : SpeedUpMyPC

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Bengt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RemoteControl for Winamp\Uninstall RemoteControl for Winamp.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp
Key Deleted : HKLM\SOFTWARE\Classes\HssIE.HssIEApp.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080

***** [ Web browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Mozilla Firefox v32.0 (x86 en-US)

[atrz4mzx.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");

-\\ Google Chrome v40.0.2214.94

[C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://int.basefarm.com/dosearchsite.action?queryString={searchTerms}
[C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://int.basefarm.com/dosearchsite.action?spaceSearch=false&queryString={searchTerms}

-\\ Chromium v

[C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://int.basefarm.com/dosearchsite.action?queryString={searchTerms}
[C:\Users\Bengt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://int.basefarm.com/dosearchsite.action?spaceSearch=false&queryString={searchTerms}

*************************

AdwCleaner[R0].txt - [6089 bytes] - [05/02/2015 23:57:30]
AdwCleaner[S0].txt - [6426 bytes] - [06/02/2015 00:00:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6485  bytes] ##########
      My Computer
    Quote Quote

  11. Slartybart
    Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       New #18

    There were a few malware in there - conduit (search protect) and others I didn't research.
    I trust AdwCleaner to do the job it was written to do.

    I'd like you to run two more scanners, TDSSkiller and Malwarebytes Anti-Malware.

    Kaspersky TDSSKiller: Detect / Repair TDSS Rookits
    Restart the machine

    Malwarebytes Anti-Malware Free
    Restart the machine

    Post the malware scan logs, then run another SFC and post that output.

    Thanks,

    Bill
    .
      My Computer
    Quote Quote

  12. bengta
    Posts : 39
    Windows 7 Ultimate 64 bit SP1
    Thread Starter
       New #19

    OK! Done!

    Kaspersky scan, Malwarebytes scan and CBS.log attached.

    Malwarebytes scan here also:
    Code:
    Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-02-06
Scan Time: 17:16:02
Logfile: Malwarebytes scan result 2015-02-06.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.06.05
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bengt

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 407940
Time Elapsed: 13 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
    (Neither scan found any malware.)

    I really appreciate the help I'm getting here!

    /Bengt
    Internet Explorer 11 gone - but &quot;is already installed on this system&quot; Attached Files
    Last edited by bengta; 06 Feb 2015 at 12:19. Reason: Added Malwarebytes scan in plain text
      My Computer
    Quote Quote

  13. Slartybart
    Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       New #20

    It looks as though you opted for the Mbam Pro trial
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    You might have done that on purpose, but if you missed the step that said "remove the checkmark form the trial offer" then you can just uninstall Mbam so you won't be pestered later about buying the product. You can then reinstall Mbam FREE.

    Kaspersky seems to be waiting on a second launch (30 items waiting). It sent suspicious objects to be checked against their Labs DB - a 2nd launch of Kaspersky retrieves the results when you scan the system - it should be faster that the first.

    Please run TDSSkiller one more time and post the log - thanks.

    Once I'm confident there isn't malicious software on your machine, you can try the patch Noel provided in post# 7
    -Not yet though ... I still have a lot of reading to do and maybe more scanners - it's tough to be confident where malware is concerned. The only thing you can really do is scan and clean with a few good tools.

    Bill
    .
      My Computer
    Quote Quote

 
Page 2 of 9 FirstFirst 1234 ... LastLast

  Related Discussions
Comodo Security Solutions is listed as a "Trusted Publisher" in both Word 2007 as well as IE 10 Preview. I was unable to remove it even after reverting to IE8. Running WIN 7_64 and IE10 currently with Kaspersky Internet Security 2013. I was able to remove Comodo Security Solutions from "trusted...
I purchased a new 1TB harddrive to host Windows 7. The installation was without any problem. Prior to installation, I removed all harddrives, including another 1TB data backup harddrive. When I installed the second drive, with all my important backed up data, it comes identified by Windows 7 as...
"dependency chain" "windows 7" internet "windows explorer" At the time of this writing, this search in Google will produce one result at best. Am I searching the wrong things? I have tried a couple handfuls of variants, and I am coming up with zilch. Though I am fairly well versed in...
Hello. I recently installed a SSD into my setup. I didn't have a Win7 64bit disk, so I booted into the HDD's OS and installed via .iso (I didn't want to burn it, as that always seems to fail. I wanted to get the System Restore partition installed on the SSD, so I tried booting to a Win 32bit...
After setting up Win7 my Internet Explorer start sometimes with a "Set up Windows Internet Explorer 8" (see attached snapshot). The user has only the choice between two buttons: NEXT and ASK ME LATER. But I miss a button "Don't display this dialog again" How can I permanently...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 18:32.
Find Us